
haproxy调优记录

一键脚本:

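# Download the tuning script, mark it executable and run it.
# -f makes curl exit non-zero on an HTTP error (e.g. 404) instead of saving the
# error page as ophaproxy.sh, which the chained commands would then execute.
# The URL follows the mutable main branch and the script presumably applies the
# system-wide changes listed under the manual steps, so read the downloaded file
# before running it; a URL pinned to a reviewed commit keeps reruns on the same content.
curl -fsS -O https://raw.githubusercontent.com/woniu336/open_shell/main/ophaproxy.sh && chmod +x ophaproxy.sh && ./ophaproxy.sh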

验证

# Prints the open-file soft limit of the current shell session only. The running
# HAProxy processes have their own limit; read it from /proc/<pid>/limits.
ulimit -n

haproxy脚本

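# Download the HAProxy setup script, mark it executable and run it.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as setup_haproxy.sh, which the chained commands would then execute.
# The URL follows the mutable main branch, so read the downloaded file before
# running it; a URL pinned to a reviewed commit keeps reruns on the same content.
curl -fsS -O https://raw.githubusercontent.com/woniu336/open_shell/main/bt-cf/haproxy/setup_haproxy.sh && chmod +x setup_haproxy.sh && ./setup_haproxy.sh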

验证

# -c only parses and validates the file given with -f; the running service is not touched.
sudo haproxy -c -f /etc/haproxy/haproxy.cfg

可以根据服务器核心数修改配置中的 nbthread 1 参数,例如 4 核心则改为 nbthread 4

检查 HAProxy 服务状态:

# Show the unit's state (active/failed) together with its most recent log lines.
systemctl status haproxy

重启

# Stops and starts the service, so established connections are dropped; run the
# config check (haproxy -c -f /etc/haproxy/haproxy.cfg) before restarting.
systemctl restart haproxy

ssh连接优化

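# Keep a timestamped copy so the previous sshd configuration can be restored.
cp -a /etc/ssh/sshd_config "/etc/ssh/sshd_config.bak.$(date +%Y%m%d%H%M%S)"

# Set one keyword in /etc/ssh/sshd_config: rewrite the existing line if there
# is one, otherwise append a new line.
# Arguments: $1 - keyword, $2 - value
set_sshd_option() {
    local key=$1 value=$2
    local cfg=/etc/ssh/sshd_config
    # sshd keywords are case-insensitive and the first value found wins, so
    # match any capitalisation and leading whitespace. A line appended after
    # an overlooked "usedns yes" would otherwise never take effect.
    if grep -qiE "^[[:space:]]*${key}" "$cfg"; then
        sed -i -E "s/^[[:space:]]*${key}.*/${key} ${value}/I" "$cfg"
    else
        # The leading newline guards against a file without a final newline.
        # NOTE(review): if the file ends with a Match block, an appended line
        # becomes part of that block instead of a global setting.
        printf '\n%s %s\n' "$key" "$value" >> "$cfg"
    fi
}

# Enable PAM (presumably so pam_limits applies limits.conf to SSH sessions)
set_sshd_option UsePAM yes

# Disable X11 forwarding
set_sshd_option X11Forwarding no

# Disable reverse DNS lookups of connecting clients
set_sshd_option UseDNS no

# Validate the config and restart only if it parses. Keep the current session
# open until a fresh login has succeeded.
sshd -t && systemctl restart sshd

# Show the values sshd actually uses (sshd -T prints keywords in lower case).
sshd -T | grep -Ei '^(usepam|x11forwarding|usedns) '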

以下是手动设置

系统调优

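# Keep a timestamped copy: the redirection below replaces the whole file, so
# any settings already in /etc/sysctl.conf (including hardening keys) are lost
# unless they are re-added from the backup.
if [ -f /etc/sysctl.conf ]; then
    cp -a /etc/sysctl.conf "/etc/sysctl.conf.bak.$(date +%Y%m%d%H%M%S)"
fi

# Review notes on the values written below:
# - The forwarding keys (ip_forward, conf.*.forwarding for IPv4 and IPv6) make
#   the host route packets between interfaces. HAProxy proxies connections in
#   user space and does not need them; keep them only if this host also
#   routes or NATs traffic, and pair them with firewall FORWARD rules.
# - route_localnet = 1 lets the kernel route 127.0.0.0/8 addresses, which
#   weakens the assumption that loopback-bound services are unreachable from
#   the network. Leave it out unless something on the host depends on it.
# - With net.ipv6.conf.all.forwarding = 1 the kernel ignores router
#   advertisements unless accept_ra is 2; hosts that get their IPv6 route via
#   SLAAC can lose connectivity.
# - tcp_fack is a legacy key with no effect on current kernels.
# - bbr needs kernel support for the tcp_bbr module; confirm afterwards with
#   `sysctl net.ipv4.tcp_congestion_control`.
cat > /etc/sysctl.conf << 'EOF'
# 文件描述符限制
fs.file-max = 6815744

# TCP 基础优化参数
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_frto = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_moderate_rcvbuf = 1

# 网络缓冲区优化
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 16384 33554432
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192

# 网络转发设置
net.ipv4.ip_forward = 1
net.ipv4.conf.all.route_localnet = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1

# TCP keepalive 参数
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3

# BBR 拥塞控制
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# 连接队列优化
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535

# TIME_WAIT 优化
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30

# TCP 性能优化
net.ipv4.tcp_slow_start_after_idle = 0
EOF

# Load /etc/sysctl.conf, then every sysctl configuration directory as well.
sysctl -p && sysctl --system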

修改 systemd 限制

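# Create a systemd drop-in that raises the open-file limit of haproxy.service,
# then reload unit files. printf replaces `echo -e`, which shells such as dash
# print literally as "-e [Service]...", producing an invalid drop-in.
# The new limit applies the next time the service is started.
mkdir -p /etc/systemd/system/haproxy.service.d/ \
    && printf '[Service]\nLimitNOFILE=200000\n' > /etc/systemd/system/haproxy.service.d/limits.conf \
    && systemctl daemon-reload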

添加 HAProxy 限制到 limits.conf(注意:下面的命令使用 > 重定向,会覆盖整个 /etc/security/limits.conf,而不是追加)

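# Keep a timestamped copy: the redirection below replaces the whole file,
# dropping any limits configured there before. A separate file under
# /etc/security/limits.d/ would leave the stock file untouched.
if [ -f /etc/security/limits.conf ]; then
    cp -a /etc/security/limits.conf "/etc/security/limits.conf.bak.$(date +%Y%m%d%H%M%S)"
fi

# "*" raises the open-file ceiling for every non-root account, not only for
# haproxy; root is not covered by the wildcard and is listed explicitly.
# pam_limits applies these values when a PAM session opens (login, ssh). A
# service started by systemd takes its limit from LimitNOFILE in the unit instead.
cat > /etc/security/limits.conf << 'EOF'
* soft nofile 200000
* hard nofile 200000
root soft nofile 200000
root hard nofile 200000
haproxy soft nofile 200000
haproxy hard nofile 200000
EOF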

修改 profile:

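# Raise the soft open-file limit for login shells. The grep guard appends the
# line only when it is not already present, so re-running this step does not
# stack duplicates in /etc/profile.
grep -qxF 'ulimit -n 200000' /etc/profile || echo "ulimit -n 200000" >> /etc/profile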

确保 sshd_config 中启用 PAM:

# Uncomment the stock "#UsePAM yes" line if it is present. An explicit
# "UsePAM no" is left as it is; `sshd -T | grep -i '^usepam'` shows the value
# sshd actually uses.
sed -i -e 's|#UsePAM yes|UsePAM yes|' /etc/ssh/sshd_config

应用更改

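# Restart sshd, but only if the edited config parses: restarting with a broken
# sshd_config stops new SSH logins. Keep the current session open until a
# fresh login has succeeded.
sshd -t && systemctl restart sshd

# Re-read /etc/profile in the current shell so the new ulimit line applies here
source /etc/profile

# Verify: open-file soft limit of this shell
ulimit -n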

重启

# Reload systemd unit files so the haproxy.service.d drop-in is picked up
systemctl daemon-reload

# Restart the HAProxy service; the raised LimitNOFILE applies only to
# processes started after the reload
systemctl restart haproxy

查询

# Open-file soft limit of the current shell; this is not the limit of the
# running HAProxy processes (see /proc/<pid>/limits for those).
ulimit -n

检测配置文件是否有效

# Parse and validate the configuration only (-c); run this before every restart.
sudo haproxy -c -f /etc/haproxy/haproxy.cfg

重启

# Restart only after the config check above has passed; a restart drops
# established connections.
sudo systemctl restart haproxy

检查 HAProxy 服务状态:

# Confirm the unit is active after the restart and inspect its latest log lines.
systemctl status haproxy

获取 HAProxy 主进程 PID

# Print the PIDs of all running haproxy processes; the two checks that follow
# need the master's PID and a worker's PID from this output.
pidof haproxy

检查主进程(root)的限制

# 45924 is the master PID from the author's host; substitute the value printed
# by `pidof haproxy`. grep reads the limits file directly.
grep "open files" /proc/45924/limits

检查工作进程(haproxy)的限制

# 45926 is the worker PID from the author's host; substitute the value printed
# by `pidof haproxy`. grep reads the limits file directly.
grep "open files" /proc/45926/limits

查看当前信息, 安装socat:

# Refresh the package index, then install socat, which the next step uses to
# talk to the HAProxy runtime socket.
apt-get update
apt-get install socat

查询

# Send one "show info" command to the HAProxy runtime socket and print the reply.
# Anyone able to write to this socket can issue runtime commands at whatever
# level the socket grants, so keep its mode and group restrictive on the
# `stats socket` line of haproxy.cfg.
printf 'show info\n' | socat unix-connect:/run/haproxy/admin.sock stdio

CurrConns 当前连接数

MaxConnRate 最大连接速率/每秒

CumConns 累计连接数

CC BY-NC-SA 4.0 转载请注明
最后更新于 2025-02-19 08:29